diff --git a/.github/workflows/add-release-to-cloudfoundry.yaml b/.github/workflows/add-release-to-cloudfoundry.yaml index f63eab4c982..86ca175c183 100644 --- a/.github/workflows/add-release-to-cloudfoundry.yaml +++ b/.github/workflows/add-release-to-cloudfoundry.yaml @@ -1,12 +1,12 @@ name: Add release to Cloud Foundry -on: +on: release: types: - released jobs: update-releases: permissions: - contents: write # Required to commit and push changes to the repository + contents: write runs-on: ubuntu-latest steps: - name: Checkout "cloudfoundry" branch @@ -42,11 +42,23 @@ jobs: - name: Append release to Cloud Foundry repository run: | echo "${{ steps.get-release-version.outputs.VERSION }}: ${{ steps.get-release-url.outputs.URL }}" >> index.yml - - name: Commit and push changes - uses: planetscale/ghcommit-action@322be9669498a4be9ce66efc1169f8f43f6bd883 # v0.2.17 + - name: Commit changes + id: create-commit + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + if [[ -z "$(git status -s)" ]]; then + echo "No changes to commit, exiting." + exit 0; + fi + + git commit -a -m "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry" + echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Push changes + uses: DataDog/commit-headless@1186485b788f57eedaaadb19919781698b4d262f # action/v1.0.0 + if: ${{ steps.create-commit.outputs.commit != '' }} with: - commit_message: "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry" - repo: ${{ github.repository }} branch: cloudfoundry - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + command: push + commits: "${{ steps.create-commit.outputs.commit }}" diff --git a/.github/workflows/update-docker-build-image.yaml b/.github/workflows/update-docker-build-image.yaml index c0cd84e6ccc..93ff8dc2191 100644 --- a/.github/workflows/update-docker-build-image.yaml 
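Review bot: In add-release-to-cloudfoundry.yaml, the new `git commit -a -m "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry"` line has the step output substituted into the script text before bash parses it. Any quote or command substitution in that value would therefore run as shell in a job that holds `contents: write`. The `get-release-version` step lies outside this hunk, so whether the value is constrained there cannot be confirmed from here. Passing it through the environment avoids the question: add `env:` with `VERSION: ${{ steps.get-release-version.outputs.VERSION }}` to the `Commit changes` step and commit with `-m "chore: Add version ${VERSION} to Cloud Foundry"`. The unchanged `echo ... >> index.yml` line just above follows the same pattern, and the redirect target is better quoted as `>> "$GITHUB_OUTPUT"`.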
+++ b/.github/workflows/update-docker-build-image.yaml @@ -15,7 +15,7 @@ jobs: update-docker-build-image: runs-on: ubuntu-latest permissions: - contents: write # Required to create and push branch + contents: read id-token: write # Required for OIDC token federation steps: - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3 @@ -58,11 +58,6 @@ jobs: else echo "commit_changes=true" >> "$GITHUB_OUTPUT" fi - - name: Download ghcommit CLI - if: steps.check-changes.outputs.commit_changes == 'true' - run: | - curl https://github.com/planetscale/ghcommit/releases/download/v0.1.48/ghcommit_linux_amd64 -o /usr/local/bin/ghcommit -L - chmod +x /usr/local/bin/ghcommit - name: Pick a branch name if: steps.check-changes.outputs.commit_changes == 'true' id: define-branch 
@@ -72,12 +67,25 @@ jobs: run: | git checkout -b ${{ steps.define-branch.outputs.branch }} git push -u origin ${{ steps.define-branch.outputs.branch }} --force - - name: Commit and push changes + - name: Commit changes if: steps.check-changes.outputs.commit_changes == 'true' - env: - GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }} + id: create-commit run: | - ghcommit --repository ${{ github.repository }} --branch ${{ steps.define-branch.outputs.branch }} --add .gitlab-ci.yml --message "feat(ci): Update Docker build image" + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git commit --message "feat(ci): Update Docker build image" .gitlab-ci.yml + echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Push changes + uses: DataDog/commit-headless@1186485b788f57eedaaadb19919781698b4d262f # action/v1.0.0 + if: ${{ steps.check-changes.outputs.commit_changes == 'true' && steps.create-commit.outputs.commit != '' }} + with: + token: "${{ steps.octo-sts.outputs.token }}" + branch: "${{ steps.define-branch.outputs.branch }}" + # for scheduled runs, sha is the tip of the default branch + # for dispatched runs, sha is the tip of the branch it was dispatched on + branch-from: "${{ github.sha }}" + command: push + commits: "${{ steps.create-commit.outputs.commit }}" - name: Create pull request if: steps.check-changes.outputs.commit_changes == 'true' env: diff --git a/.github/workflows/update-gradle-dependencies.yaml b/.github/workflows/update-gradle-dependencies.yaml index 14d4e587ade..d5c444a4f0f 100644 --- a/.github/workflows/update-gradle-dependencies.yaml +++ b/.github/workflows/update-gradle-dependencies.yaml 
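Review bot: In update-docker-build-image.yaml, the `git checkout -b …` and `git push -u origin … --force` lines kept as context at the top of this hunk still push with whatever credentials the checkout left behind, while the first hunk of this file lowers the job to `contents: read`. The checkout step is not visible here; if it uses the default token, that push will now be rejected and the job fails before `Push changes` runs. The new `Push changes` step already passes `branch-from: "${{ github.sha }}"`, which suggests the action is meant to create the branch itself. The other two workflows in this commit delete their `Create branch` step, and removing it here as well would keep the three consistent. That step's header lies outside the hunk.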
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest name: Update Gradle dependencies permissions: - contents: write # Required to create new branch + contents: read id-token: write # Required for OIDC token federation steps: - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3 @@ -22,16 +22,9 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 with: submodules: "recursive" - - name: Download ghcommit CLI - run: | - curl https://github.com/planetscale/ghcommit/releases/download/v0.1.48/ghcommit_linux_amd64 -o /usr/local/bin/ghcommit -L - chmod +x /usr/local/bin/ghcommit - name: Pick a branch name - run: echo "BRANCH_NAME=ci/update-gradle-dependencies-$(date +'%Y%m%d')" >> $GITHUB_ENV - - name: Create branch - run: | - git checkout -b $BRANCH_NAME - git push -u origin $BRANCH_NAME --force + id: define-branch + run: echo "branch=ci/update-gradle-dependencies-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - name: Update Gradle dependencies run: | GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx3G -Xms2G'" \ 
@@ -41,44 +34,44 @@ jobs: JAVA_17_HOME=$JAVA_HOME_17_X64 \ JAVA_21_HOME=$JAVA_HOME_21_X64 \ ./gradlew resolveAndLockAll --write-locks --parallel --stacktrace --no-daemon --max-workers=4 - - name: Commit changes - env: - GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }} + - name: Check for changes + id: check-changes run: | - GH_ADD_ARGS="" - COUNT=0 - BRANCH_HEAD=$(git rev-parse HEAD) - for lockfile in $(git status --porcelain=v1 | awk '{ print $NF }'); do - echo "Found lockfile: $lockfile" - GH_ADD_ARGS="$GH_ADD_ARGS --add $lockfile" - COUNT=$((COUNT+1)) - if [ $COUNT -eq 10 ]; then - echo "Creating a commit to $BRANCH_NAME@$BRANCH_HEAD with $GH_ADD_ARGS" - OUTPUT=$(ghcommit --repository ${{ github.repository }} --branch $BRANCH_NAME --sha $BRANCH_HEAD $GH_ADD_ARGS --message "chore: Update Gradle dependencies" 2>&1) - echo $OUTPUT - if [[ $OUTPUT != *"Success. New commit"* ]]; then - exit 1 - fi - BRANCH_HEAD=${OUTPUT##*/} - echo "ghcommit output: $OUTPUT" - GH_ADD_ARGS="" - COUNT=0 - fi - done - # Check at uncommited files - echo "Checking uncommited files" - git status - # Create a PR from the created branch - if [ $COUNT -gt 0 ]; then - echo "Creating a commit to $BRANCH_NAME@$BRANCH_HEAD with $GH_ADD_ARGS" - ghcommit --repository ${{ github.repository }} --branch $BRANCH_NAME --sha $BRANCH_HEAD $GH_ADD_ARGS --message "chore: Update Gradle dependencies" + if [[ -z "$(git status -s)" ]]; then + echo "No changes to commit, exiting." + echo "has_changes=false" >> "$GITHUB_OUTPUT" + exit 0 + else + echo "has_changes=true" >> "$GITHUB_OUTPUT" fi + - name: Commit changes + if: steps.check-changes.outputs.has_changes == 'true' + id: create-commit + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add . 
+ git commit --no-verify --message="chore: Update Gradle dependencies" + echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Push changes + uses: DataDog/commit-headless@1186485b788f57eedaaadb19919781698b4d262f # action/v1.0.0 + if: ${{ steps.check-changes.outputs.has_changes == 'true' && steps.create-commit.outputs.commit != '' }} + with: + token: "${{ steps.octo-sts.outputs.token }}" + branch: "${{ steps.define-branch.outputs.branch }}" + # for scheduled runs, sha is the tip of the default branch + # for dispatched runs, sha is the tip of the branch it was dispatched on + branch-from: "${{ github.sha }}" + command: push + commits: "${{ steps.create-commit.outputs.commit }}" - name: Create pull request + if: steps.check-changes.outputs.has_changes == 'true' env: GH_TOKEN: ${{ steps.octo-sts.outputs.token }} + BRANCH_NAME: ${{ steps.define-branch.outputs.branch }} run: | # use echo to set a multiline body for the PR - echo -e "This PR updates the Gradle dependencies. ⚠️ Don't forget to squash commits before merging. ⚠️\n\n- [ ] Update PR title if a code change is needed to support one of those new dependencies" | \ + echo -e "This PR updates the Gradle dependencies.\n\n- [ ] Update PR title if a code change is needed to support one of those new dependencies" | \ gh pr create --title "Update Gradle dependencies" \ --base master \ --head $BRANCH_NAME \ diff --git a/.github/workflows/update-jmxfetch-submodule.yaml b/.github/workflows/update-jmxfetch-submodule.yaml index f6fbbadc4e4..06d317f46bf 100644 --- a/.github/workflows/update-jmxfetch-submodule.yaml +++ b/.github/workflows/update-jmxfetch-submodule.yaml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest permissions: - contents: write # Required to create and push branch + contents: read id-token: write # Required for OIDC token federation steps: - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3 
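Review bot: In update-gradle-dependencies.yaml, `git add .` followed by `git commit --no-verify` in the new `Commit changes` step stages every modified or untracked, non-ignored file left in the workspace after `./gradlew resolveAndLockAll`, not only lockfiles. That commit is then pushed with the octo-sts token. The other workflows in this commit name the path they commit (`.gitlab-ci.yml`, the submodule directory). A pathspec limited to the files the task writes, for example `git add -- '*.lockfile'` if that matches this project's lockfile naming, would keep build by-products out of the automated PR. Separately, `Create pull request` here is gated only on `has_changes`, while the jmxfetch workflow also requires `steps.create-commit.outputs.commit != ''`; using the same condition would avoid calling `gh pr create` for a branch that was never pushed.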
@@ -20,7 +20,6 @@ jobs: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 - - name: Update Submodule run: | git submodule update --remote -- dd-java-agent/agent-jmxfetch/integrations-core 
@@ -38,25 +37,29 @@ jobs: if: steps.check-changes.outputs.commit_changes == 'true' id: define-branch run: echo "branch=ci/update-jmxfetch-submodule-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - name: Create branch - if: steps.check-changes.outputs.commit_changes == 'true' - run: | - git checkout -b ${{ steps.define-branch.outputs.branch }} - git push -u origin ${{ steps.define-branch.outputs.branch }} --force - - name: Commit and push changes + - name: Commit changes if: steps.check-changes.outputs.commit_changes == 'true' - env: - GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }} + id: create-commit run: | git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add dd-java-agent/agent-jmxfetch/integrations-core - git commit -m "Update agent-jmxfetch submodule" - git push origin ${{ steps.define-branch.outputs.branch }} + git commit --message "feat(ci): Update agent-jmxfetch submodule" dd-java-agent/agent-jmxfetch/integrations-core + echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Push changes + uses: DataDog/commit-headless@1186485b788f57eedaaadb19919781698b4d262f # action/v1.0.0 + if: ${{ steps.check-changes.outputs.commit_changes == 'true' && steps.create-commit.outputs.commit != '' }} + with: + token: "${{ steps.octo-sts.outputs.token }}" + branch: "${{ steps.define-branch.outputs.branch }}" + # for scheduled runs, sha is the tip of the default branch + # for dispatched runs, sha is the tip of the branch it was dispatched on + branch-from: "${{ github.sha }}" + command: push + commits: "${{ steps.create-commit.outputs.commit }}" - name: Create pull request - if: steps.check-changes.outputs.commit_changes == 'true' + if: ${{ steps.check-changes.outputs.commit_changes == 'true' && steps.create-commit.outputs.commit != '' }} env: - GH_TOKEN: ${{ steps.octo-sts.outputs.token }} + GH_TOKEN: "${{ steps.octo-sts.outputs.token }}" run: | gh pr create --title "Update agent-jmxfetch 
submodule" \ --base master \